SOSO Vulnerability Management

Simplifying the industry's convoluted vulnerability management process.

Why you need this

The security industry wants you to follow an overly complex process for assessing and fixing vulnerabilities.

We say: Go with your gut* - you know your company's P&L statements better than any external group.

*Unless you've had food poisoning. In that case, wait until it has passed.

The SOSO-VMS Process

Just 2 steps!

1. Use your gut to assign a SOSO Vuln Score

Use our optional guidance to help your gut decide

2. Follow the guidance related to the vuln score

If the action items seem like too much, you can adjust the vulnerability's score.

SOSO-VMR

SOSO Vulnerability Management Framework

Pushing forward industry standards to better align with the needs of legal persons

Super Critical

You need to fix this ASAP (before anyone - hackers, security researchers, etc. - notices).

┻━┻︵ \(°□°)/ ︵ ┻━┻

Critical

You need to fix this as soon as you can.

(╯°□°)╯︵ ┻━┻

High

Fix this before your next audit, or just take the impacted system completely out of scope for the applicable audit(s).

┬─┬ ノ( ゜-゜ノ)

Medium-well done

Congratulate the person who found this with a templatized letter of commendation.

へ‿(ツ)‿ㄏ

Medium-medium

You could patch, but auditors generally don't care about mediums. So, don't worry about it either.

(。_°)☆

Medium-rare

This is a vulnerability that took a lot of creativity to find. Send the person who found this a personalized letter of commendation.

٩( ᐛ )و

Low

This risk, similar to a global pandemic, is so unlikely to happen that you don't need to do anything about this. Ever.

SOSO Guidance

Optional questions for your gut to consider

Is this actually a vulnerability?

Far too often, "vulnerabilities" are confused for legitimate features.

Will this impact my profits?

What will cost more? Potential regulatory fines/lawsuits or patching?

Is this worth the time?

Do you really want to have to manage this, on top of everything else?

Contact

Contact Us

Address

We currently can't receive carrier pigeons

Call Us

0118 999 881 999 119 7253

Email Us

noreply@sososecuritycert.com

Open Hours

Annually on September 31

Your message was not sent. Thank you!